恢复前版本 2023-08-31

Author: hktalent

README.md

@@ -225,6 +225,7 @@ more see: <a href=https://github.com/hktalent/ProScan4all/discussions>discussion
 |<img src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/wc.png>|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/zfb.png>|[paypal](https://www.paypal.me/pwned2019) **[email protected]**|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BTC.png>|<img width=166 src=https://raw.githubusercontent.com/hktalent/myhktools/main/md/BCH.jpg>|
 
 <!--
+go mod vendor 2>&1|grep "go get "|sort -u
 
 cat $HOME/MyWork/scan4all/json/paypal.com.json|sed 's/=.*//g'|sort -u|nuclei -sa -t $PWD/config/nuclei-templates -no-strict-syntax -severity critical,high,medium -type http,network,websocket,dns,ssl -report-config $PWD/config/nuclei_esConfig.yaml  -ztls -config-directory ${PWD}/config/nuclei -interactions-cache-size 5000 -interactions-eviction 60 -interactions-poll-duration 5 -interactions-cooldown-period 5 -max-host-error 5 -duc -json -o paypal_nuclei.json
 

brute/admin_brute.go

@@ -3,7 +3,7 @@ package brute
 import (
 	"crypto/md5"
 	"fmt"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 	"net/url"
 	"regexp"
 	"strings"

brute/basic_brute.go

@@ -1,12 +1,13 @@
 package brute
 
 import (
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 )
 
 // 优化应该考虑
-//  1、一天内相同目标的结果缓存，只执行一次
-//  2、应该考虑多线程并发执行
+//
+//	1、一天内相同目标的结果缓存，只执行一次
+//	2、应该考虑多线程并发执行
 func Basic_brute(url string) (username string, password string) {
 	if req, err := util.HttpRequsetBasic("asdasdascsacacs", "adcadcadcadcadcadc", url, "HEAD", "", false, nil); err == nil {
 		// 超文本传输​​协议(HTTP) 401 Unauthorized 客户端错误状态响应代码表示客户端请求尚未完成，因为它缺少所请求资源的有效身份验证凭据

brute/bypass403.go

@@ -2,7 +2,7 @@ package brute
 
 import (
 	"context"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 	"net/http"
 	"regexp"
 	"strings"

brute/check_loginpage.go

@@ -1,8 +1,8 @@
 package brute
 
 import (
-	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pkg/httpx/common/httpx"
+	"github.com/hktalent/scan4all/lib/util"
+	"github.com/hktalent/scan4all/pkg/httpx/common/httpx"
 	"net/url"
 	"regexp"
 	"strings"

brute/dicts.go

@@ -2,7 +2,7 @@ package brute
 
 import (
 	_ "embed"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 	"strings"
 )
 
@@ -21,14 +21,17 @@ var (
 )
 
 // by waf
+//
 //go:embed dicts/selfHd.txt
 var selfHds string
 
 // http 爆破user
+//
 //go:embed dicts/httpuser.txt
 var httpuser string
 
 // http 爆破密码字典
+//
 //go:embed dicts/httpass.txt
 var httpass string
 

brute/dicts/filedic.txt

@@ -2,6 +2,8 @@
 /login.jsp
 /stats.json
 /.well-known/security.txt
+/maximum-wiki-prod-app/
+/uPlOaDs/
 /admin/export?format=json
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log%00
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log

brute/filefuzz.go

@@ -5,9 +5,9 @@ import (
 	_ "embed"
 	"fmt"
 	"github.com/antlabs/strsim"
-	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pkg/fingerprint"
 	Const "github.com/hktalent/go-utils"
+	"github.com/hktalent/scan4all/lib/util"
+	"github.com/hktalent/scan4all/pkg/fingerprint"
 	"io/ioutil"
 	"log"
 	"mime"
@@ -156,14 +156,15 @@ func init() {
 		}
 		//regs = append(regs, ret...)
 		// 基于工厂方法构建
-		util.EngineFuncFactory(Const.ScanType_WebDirScan, func(evt *Const.EventData, args ...interface{}) {
-			for _, x := range evt.EventData {
-				szT := fmt.Sprintf("%v", x)
-				filePaths, fileFuzzTechnologies := FileFuzz(szT, 200, 100, "")
-				util.SendEngineLog(evt, Const.ScanType_WebDirScan, filePaths, fileFuzzTechnologies)
-			}
-		})
-
+		if nil != util.EngineFuncFactory {
+			util.EngineFuncFactory(Const.ScanType_WebDirScan, func(evt *Const.EventData, args ...interface{}) {
+				for _, x := range evt.EventData {
+					szT := fmt.Sprintf("%v", x)
+					filePaths, fileFuzzTechnologies := FileFuzz(szT, 200, 100, "")
+					util.SendEngineLog(evt, Const.ScanType_WebDirScan, filePaths, fileFuzzTechnologies)
+				}
+			})
+		}
 		// 注册一个
 	})
 }

brute/fuzzAI.go

@@ -3,9 +3,9 @@ package brute
 import (
 	_ "embed"
 	"github.com/antlabs/strsim"
-	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pkg"
-	"github.com/hktalent/ProScan4all/pkg/fingerprint"
+	"github.com/hktalent/scan4all/lib/util"
+	"github.com/hktalent/scan4all/pkg"
+	"github.com/hktalent/scan4all/pkg/fingerprint"
 	jsoniter "github.com/json-iterator/go"
 	"gorm.io/gorm"
 	"net/url"

brute/fuzzfingerprints.go

@@ -2,7 +2,7 @@ package brute
 
 import (
 	"fmt"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 	"strings"
 )
 

brute/jboss_brute.go

@@ -2,7 +2,7 @@ package brute
 
 import (
 	"fmt"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 )
 
 func Jboss_brute(url string) (username string, password string) {

brute/supportinfo.go

@@ -2,7 +2,7 @@ package brute
 
 import (
 	_ "embed"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 	"regexp"
 	"strings"
 )

brute/tomcat_brute.go

@@ -2,7 +2,7 @@ package brute
 
 import (
 	"fmt"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 )
 
 func Tomcat_brute(url string) (username string, password string) {

brute/weblogic_brute.go

@@ -2,13 +2,14 @@ package brute
 
 import (
 	"fmt"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/util"
 )
 
 // weblogic默认的登陆尝试次数为5次，
-//  5次失败则weblogic用户锁定，即使你已经找到正确的密码，也不能登陆到console
-//  默认的锁定时间为30分钟，后期可以设置策略，自动后台运行，每30分钟走一轮不重复的密码
-//  后期再优化间隔35分钟后继续后面的密码
+//
+//	5次失败则weblogic用户锁定，即使你已经找到正确的密码，也不能登陆到console
+//	默认的锁定时间为30分钟，后期可以设置策略，自动后台运行，每30分钟走一轮不重复的密码
+//	后期再优化间隔35分钟后继续后面的密码
 func Weblogic_brute(url string) (username string, password string) {
 	if req, err := util.HttpRequset(url+"/console/login/LoginForm.jsp", "GET", "", false, nil); err == nil {
 		if req.StatusCode == 200 {

config/scan4all_db.db

@@ -2,32 +2,32 @@ package main
 
 import (
 	"embed"
-	_ "github.com/hktalent/ProScan4all/engine"
-	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pocs_go"
-	"github.com/hktalent/ProScan4all/pocs_go/Springboot"
-	"github.com/hktalent/ProScan4all/pocs_go/ThinkPHP"
-	"github.com/hktalent/ProScan4all/pocs_go/VMware/vCenter"
-	"github.com/hktalent/ProScan4all/pocs_go/apache"
-	"github.com/hktalent/ProScan4all/pocs_go/confluence"
-	"github.com/hktalent/ProScan4all/pocs_go/f5"
-	"github.com/hktalent/ProScan4all/pocs_go/fastjson"
-	"github.com/hktalent/ProScan4all/pocs_go/gitlab"
-	"github.com/hktalent/ProScan4all/pocs_go/jboss"
-	"github.com/hktalent/ProScan4all/pocs_go/jenkins"
-	"github.com/hktalent/ProScan4all/pocs_go/landray"
-	"github.com/hktalent/ProScan4all/pocs_go/mcms"
-	"github.com/hktalent/ProScan4all/pocs_go/ms"
-	"github.com/hktalent/ProScan4all/pocs_go/phpunit"
-	"github.com/hktalent/ProScan4all/pocs_go/ruby"
-	"github.com/hktalent/ProScan4all/pocs_go/seeyon"
-	"github.com/hktalent/ProScan4all/pocs_go/spark"
-	"github.com/hktalent/ProScan4all/pocs_go/sunlogin"
-	"github.com/hktalent/ProScan4all/pocs_go/tomcat"
-	"github.com/hktalent/ProScan4all/pocs_go/tongda"
-	"github.com/hktalent/ProScan4all/pocs_go/weblogic"
-	"github.com/hktalent/ProScan4all/pocs_go/zabbix"
-	"github.com/hktalent/ProScan4all/pocs_go/zentao"
+	_ "github.com/hktalent/scan4all/engine"
+	"github.com/hktalent/scan4all/lib/util"
+	"github.com/hktalent/scan4all/pocs_go"
+	"github.com/hktalent/scan4all/pocs_go/Springboot"
+	"github.com/hktalent/scan4all/pocs_go/ThinkPHP"
+	"github.com/hktalent/scan4all/pocs_go/VMware/vCenter"
+	"github.com/hktalent/scan4all/pocs_go/apache"
+	"github.com/hktalent/scan4all/pocs_go/confluence"
+	"github.com/hktalent/scan4all/pocs_go/f5"
+	"github.com/hktalent/scan4all/pocs_go/fastjson"
+	"github.com/hktalent/scan4all/pocs_go/gitlab"
+	"github.com/hktalent/scan4all/pocs_go/jboss"
+	"github.com/hktalent/scan4all/pocs_go/jenkins"
+	"github.com/hktalent/scan4all/pocs_go/landray"
+	"github.com/hktalent/scan4all/pocs_go/mcms"
+	"github.com/hktalent/scan4all/pocs_go/ms"
+	"github.com/hktalent/scan4all/pocs_go/phpunit"
+	"github.com/hktalent/scan4all/pocs_go/ruby"
+	"github.com/hktalent/scan4all/pocs_go/seeyon"
+	"github.com/hktalent/scan4all/pocs_go/spark"
+	"github.com/hktalent/scan4all/pocs_go/sunlogin"
+	"github.com/hktalent/scan4all/pocs_go/tomcat"
+	"github.com/hktalent/scan4all/pocs_go/tongda"
+	"github.com/hktalent/scan4all/pocs_go/weblogic"
+	"github.com/hktalent/scan4all/pocs_go/zabbix"
+	"github.com/hktalent/scan4all/pocs_go/zentao"
 	"log"
 	"os"
 )

cveMain.go

@@ -1,8 +1,8 @@
 package main
 
 import (
-	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pkg/xcmd"
+	"github.com/hktalent/scan4all/lib/util"
+	"github.com/hktalent/scan4all/pkg/xcmd"
 	"log"
 	"strings"
 	"testing"

doNaabu_test.go

@@ -5,10 +5,10 @@ import (
 	"context"
 	"fmt"
 	"github.com/asaskevich/govalidator"
-	"github.com/hktalent/ProScan4all/lib/util"
-	"github.com/hktalent/ProScan4all/pocs_go"
 	Const "github.com/hktalent/go-utils"
 	"github.com/hktalent/jaeles/cmd"
+	"github.com/hktalent/scan4all/lib/util"
+	"github.com/hktalent/scan4all/pocs_go"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/karlseguin/ccache"
 	"github.com/panjf2000/ants/v2"
@@ -424,14 +424,14 @@ func (x1 *Engine) Running() {
 // 引擎总入口
 func init() {
 	//log.Println("engineImp.go run")
-	util.RegInitFunc4Hd(func() {
-		// 下面的变量 不能移动到DoSyncFunc，否则全局变量将影响后续的init，导致无效的内存
-		NewEngine(&util.Ctx_global, util.GetValAsInt("ScanPoolSize", 5000))
-
-		util.DoSyncFunc(func() {
-			util.G_Engine.(*Engine).Running()
-		})
-	})
+	//util.RegInitFunc4Hd(func() {
+	//	// 下面的变量 不能移动到DoSyncFunc，否则全局变量将影响后续的init，导致无效的内存
+	//	NewEngine(&util.Ctx_global, util.GetValAsInt("ScanPoolSize", 5000))
+	//
+	//	util.DoSyncFunc(func() {
+	//		util.G_Engine.(*Engine).Running()
+	//	})
+	//})
 }
 
 // 发送方 的签名key

engine/engineImp.go

@@ -1,8 +1,8 @@
 package main
 
 import (
-	"github.com/hktalent/ProScan4all/lib/Smuggling"
-	"github.com/hktalent/ProScan4all/lib/util"
+	"github.com/hktalent/scan4all/lib/Smuggling"
+	"github.com/hktalent/scan4all/lib/util"
 	"os"
 	"testing"
 )

geCurIp_test.go

@@ -1,8 +1,8 @@
 package main
 
 import (
-	main2 "github.com/hktalent/ProScan4all/lib/Smuggling/generate"
 	util "github.com/hktalent/go-utils"
+	main2 "github.com/hktalent/scan4all/lib/Smuggling/generate"
 	"testing"
 )